Securing credit card transactional data is crucial, says Xperien expert

Xperien Business Development Manager Francois Engelbrecht says securing credit card transactional data is crucial

Ever wondered where every credit card transaction is recorded and stored and how secure that data is, especially after the hardware on which that data is stored reaches end-of-life?

If this data is compromised and lands in the wrong hands, it could have catastrophic consequences for not only the company concerned, but for the banks and consumers alike.

Not many companies are aware of the Payment Card Industry Data Security Standard (PCI DSS), which requires them to follow policies and procedures to protect this data. The Payment Association of SA (PASA) has been appointed by Government and the Reserve Bank to implement and regulate PCI DSS.

There is also an overlap with the Protection of Personal Information Act 2013 (PoPI) that stipulates how companies may collect, handle, store and discard information.

This regulation was largely prompted by increased credit card criminal activity, cybercrime and data theft. Although major international card issuers defined these compliance requirements, compliance is mandated by Government. These regulations come with heavy penalties for those that fail to comply.

“Stolen data can permanently damage a company’s reputation, not to mention creating a whirlwind of legal, financial and reputational problems,” said Xperien Business Development Manager Francois Engelbrecht.

“Some businesses never fully recover from a corporate data breach because of the punishing costs and destruction of the brand.

“Old hard drives, backup tapes and flash drives are a major security threat for any business; they store a massive amount of confidential data that can easily be compromised. It is a major concern that a company needs to be compromised first before senior management takes action.

“An increasing number of government regulations, industry standards and internal risk mitigation policies require companies to sanitise storage media prior to disposal or reuse. There are numerous destruction options that guarantee privacy and ensure a company’s reputation will not be compromised. When disposing of these storage devices, one needs to ensure it is done in a responsible and professional manner.”
